We rotate our keys twice a year and there is no significant impact or downtime at your end. Your IDP may rotate keys periodically. Typically once or more every year. Please refer to your IT administrator to plan for certificate rotation and downtime. Although SSO continue to work with out any rotation, we recommend rotating keys at-least once every year.